Re: slapo-ppolicy 2.4 vs. 2.5
On Sat, May 01, 2021 at 05:31:44PM +0200, Michael Ströder wrote:
HI!
slapo-ppolicy in OpenLDAP 2.5 shows slightly different behaviour in
python-ldap0 tests (see test output below).
Tests:
https://gitlab.com/ae-dir/python-ldap0/-/blob/master/tests/test_ppolicy.py
When working with Ondřej for solving ITS#9279 I finally "fixed" ldap0
tests to accomodate the behaviour of OpenLDAP 2.4.x. I did not feel
comfortable back then because it was not clear to me whether it was the
correct fix.
Do you have any tests you could run against 2.4 and 2.5 to verify
whether both have same behaviour?
Ciao, Michael.
======================================================================
FAIL: test003_ppolicy_grace_logins (tests.test_ppolicy.TestPPolicy)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/home/michael/Proj/ae-dir/python-ldap0/tests/test_ppolicy.py",
line 235, in test003_ppolicy_grace_logins
self.assertEqual(
AssertionError: 'Password expired! 1 grace logins left.' != 'Password
expired! 2 grace logins left.'
- Password expired! 1 grace logins left.
? ^
+ Password expired! 2 grace logins left.
? ^
Does the count reported match the wording of the draft in section 6.2?
"""
The graceAuthNsRemaining warning specifies the remaining number of times
a user will be allowed to authenticate with an expired password.
"""
If not, please reopen ITS#7596 with a test case.
Thanks,
--
Ondřej Kuzník
Senior Software Engineer
Symas Corporation http://www.symas.com
Packaged, certified, and supported LDAP solutions powered by OpenLDAP